2.17 Internet of Things Cybersecurity Improvement Act of 2020
Enacted in 2020 to establish minimum security standards for Internet of Things (IoT) devices owned and controlled by the federal government. This law gives authority to the CIO to prohibit the head of any agency from "procuring or obtaining, renewing a contract to procure or obtain, or using an IoT device" if they find through a mandatory review process that the use of the device prevents compliance with NIST standards and guidelines.
The CIO can waive this requirement only if:
- the waiver is necessary in the interest of national security;
- procuring, obtaining, or using such device is necessary for research purposes; or
- such device is secured using alternative and effective methods appropriate to the function of such device.
Latest News
AI Transparency Listening Session with the White House Office of Management and Budget
The White House Office of Management and Budget (OMB) is leading a series of listening sessions to learn more from industry about their approaches to AI transparency and auditable risk management.
AI in Action: 5 Essential Findings from the 2024 Federal AI Use Case Inventory
This year, agencies publicly reported more than 1,700 ways they are using Artificial Intelligence (AI) to advance their missions and deliver better experiences to the public.
CISO Council and CDO Council Release Joint Guide on Federal Zero Trust Data Security
Today, the CISO Council and CDO Council released the Federal Zero Trust (ZT) Data Security Guide, a first-of-its-kind document and key deliverable of OMB M-22-09, Moving the U.S. Government Towards Zero Trust Cybersecurity Principles. M-22-09 charged the Federal CDO Council and Federal CISO Council to convene a cross-agency working group of data and security experts to develop a data security guide for Federal agencies.